package/cups: security bump to v2.4.14
See the release notes:
- https://github.com/OpenPrinting/cups/releases/tag/v2.4.13
- https://github.com/OpenPrinting/cups/releases/tag/v2.4.14

This fixes the following vulnerabilities:

- CVE-2025-58060:
  OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.
  https://www.cve.org/CVERecord?id=CVE-2025-58060

- CVE-2025-58364:
  OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.
  https://www.cve.org/CVERecord?id=CVE-2025-58364

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
committed by Julien Olivain
parent 5f63c441f8
commit 89fd61a127
@@ -1,4 +1,4 @@
|
||||
# Locally calculated:
|
||||
sha256 b1dde191a4ae2760c47220c82ca6155a28c382701e6c1a0159d1054990231d59 cups-2.4.12-source.tar.gz
|
||||
sha256 660288020dd6f79caf799811c4c1a3207a48689899ac2093959d70a3bdcb7699 cups-2.4.14-source.tar.gz
|
||||
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
|
||||
sha256 977206f041b9a6f47ac00531e1242c0fab7063da71178f8d868b167b70866b6d NOTICE
|
||||
|
||||
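Review bot: The new sha256 line for cups-2.4.14-source.tar.gz sits under "# Locally calculated:", so the hash only records what the submitter downloaded and gives no independent check of the tarball. If the upstream release publishes a detached signature or checksum, verify the download against it and say so in the comment above the hash. The LICENSE and NOTICE hashes are carried over unchanged, which is worth confirming against the 2.4.14 tarball.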
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
CUPS_VERSION = 2.4.12
|
||||
CUPS_VERSION = 2.4.14
|
||||
CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
|
||||
CUPS_SITE = https://github.com/OpenPrinting/cups/releases/download/v$(CUPS_VERSION)
|
||||
CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
|
||||
|
||||
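Review bot: The CUPS_VERSION line moves from 2.4.12 straight to 2.4.14, but the commit message attributes both CVE fixes to 2.4.13 and only links the 2.4.14 release notes without summarizing them. Add a sentence to the message saying what 2.4.14 brings on top of 2.4.13, so anyone backporting this security bump knows why the later release was picked.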